Re: Q : iptables script?

From: Jari Laurila (jlaurmi_at_systemshock.iwantspam.org.invalid)
Date: 10/25/03


Date: Sat, 25 Oct 2003 16:16:27 +0300

On Fri, 24 Oct 2003 22:44:05 -0700, Felix Tilley wrote:

> Is this the right way to do it?
>
> And how do I make it log and drop at the same time?
>
> ========================================
>
> #!/bin/bash
>
> iptables -A INPUT -s 200.0.0.0/8 -j LOG --log-level debug
> iptables -A INPUT -s 4.0.0.0/8 -j LOG --log-level debug
> iptables -A INPUT -s 12.0.0.0/8 -j LOG --log-level debug
> iptables -A INPUT -s 24.0.0.0/8 -j LOG --log-level debug

Why don't you make your own chain to do both operations?

iptables -N LOGDROP
iptables -A LOGDROP -j LOG --log-level debug
iptables -A LOGDROP -j DROP

After creating the chain, you can use it as a target in your scripts.

iptables -A INPUT -s 200.0.0.0/8 -j LOGDROP

-- 
Jari Laurila
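An added example (not code from either poster) that builds the same LOGDROP chain as a re-runnable script, adding a log prefix so the entries are easy to pick out of the kernel log and a rate limit so a flood cannot fill it; it assumes iptables is on the PATH, and setting IPT=echo prints the commands instead of applying them.

```shell
#!/bin/sh
# Added example: LOGDROP chain with a parseable prefix and a rate-limited
# LOG rule.  IPT defaults to iptables; IPT=echo gives a dry run.
IPT="${IPT:-iptables}"
CHAIN="${CHAIN:-LOGDROP}"

# Create the chain, or flush it if it already exists, so re-running the
# script does not append duplicate LOG/DROP rules.
setup_logdrop_chain() {
    "$IPT" -N "$CHAIN" 2>/dev/null || "$IPT" -F "$CHAIN"
    # Log at most 5 packets/s (burst 10); packets over the limit skip the
    # LOG rule but still reach the DROP rule below.
    "$IPT" -A "$CHAIN" -m limit --limit 5/s --limit-burst 10 \
        -j LOG --log-level debug --log-prefix "$CHAIN: "
    "$IPT" -A "$CHAIN" -j DROP
}

# Send all INPUT traffic from the given source networks to the chain.
block_sources() {
    for net in "$@"; do
        "$IPT" -A INPUT -s "$net" -j "$CHAIN"
    done
}

# Usage: sh logdrop.sh 200.0.0.0/8 4.0.0.0/8 ...
if [ "$#" -gt 0 ]; then
    setup_logdrop_chain
    block_sources "$@"
fi
```

Matching log lines then start with "LOGDROP: " and can be counted or alerted on with a simple grep over the kernel log.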

